Update-MgBetaDeviceManagementRoleAssignment
Update the navigation property roleAssignments in deviceManagement
Note
To view the v1.0 release of this cmdlet, view Update-MgDeviceManagementRoleAssignment
Syntax
Update-MgBetaDeviceManagementRoleAssignment
-DeviceAndAppManagementRoleAssignmentId <String>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-Description <String>]
[-DisplayName <String>]
[-Id <String>]
[-Members <String[]>]
[-ResourceScopes <String[]>]
[-RoleDefinition <IMicrosoftGraphRoleDefinition>]
[-RoleScopeTags <IMicrosoftGraphRoleScopeTag[]>]
[-ScopeMembers <String[]>]
[-ScopeType <RoleAssignmentScopeType>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-MgBetaDeviceManagementRoleAssignment
-DeviceAndAppManagementRoleAssignmentId <String>
-BodyParameter <IMicrosoftGraphDeviceAndAppManagementRoleAssignment>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-MgBetaDeviceManagementRoleAssignment
-InputObject <IDeviceManagementAdministrationIdentity>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-Description <String>]
[-DisplayName <String>]
[-Id <String>]
[-Members <String[]>]
[-ResourceScopes <String[]>]
[-RoleDefinition <IMicrosoftGraphRoleDefinition>]
[-RoleScopeTags <IMicrosoftGraphRoleScopeTag[]>]
[-ScopeMembers <String[]>]
[-ScopeType <RoleAssignmentScopeType>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-MgBetaDeviceManagementRoleAssignment
-InputObject <IDeviceManagementAdministrationIdentity>
-BodyParameter <IMicrosoftGraphDeviceAndAppManagementRoleAssignment>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Update the navigation property roleAssignments in deviceManagement
Parameters
-AdditionalProperties
Additional Parameters
| Type: | Hashtable |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-BodyParameter
The Role Assignment resource. Role assignments tie together a role definition with members and scopes. There can be one or more role assignments per role. This applies to custom and built-in roles. To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
| Type: | IMicrosoftGraphDeviceAndAppManagementRoleAssignment |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Description
Description of the Role Assignment.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DeviceAndAppManagementRoleAssignmentId
The unique identifier of deviceAndAppManagementRoleAssignment
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisplayName
The display or friendly name of the role Assignment.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
| Type: | IDictionary |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Id
The unique identifier for an entity. Read-only.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
| Type: | IDeviceManagementAdministrationIdentity |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Members
The list of ids of role member security groups. These are IDs from Azure Active Directory.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
| Type: | ActionPreference |
| Aliases: | proga |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceScopes
List of ids of role scope member security groups. These are IDs from Azure Active Directory.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
| Type: | String |
| Aliases: | RHV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RoleDefinition
The Role Definition resource. The role definition is the foundation of role based access in Intune. The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource. There are two types of roles, built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role. To construct, see NOTES section for ROLEDEFINITION properties and create a hash table.
| Type: | IMicrosoftGraphRoleDefinition |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RoleScopeTags
The set of Role Scope Tags defined on the Role Assignment. To construct, see NOTES section for ROLESCOPETAGS properties and create a hash table.
| Type: | IMicrosoftGraphRoleScopeTag[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScopeMembers
List of ids of role scope member security groups. These are IDs from Azure Active Directory.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScopeType
Specifies the type of scope for a Role Assignment.
| Type: | RoleAssignmentScopeType |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Graph.Beta.PowerShell.Models.IDeviceManagementAdministrationIdentity
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphDeviceAndAppManagementRoleAssignment
System.Collections.IDictionary
Outputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphDeviceAndAppManagementRoleAssignment
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphDeviceAndAppManagementRoleAssignment>: The Role Assignment resource.
Role assignments tie together a role definition with members and scopes.
There can be one or more role assignments per role.
This applies to custom and built-in roles.
[(Any) <Object>]: This indicates any property can be added to this object.[Description <String>]: Description of the Role Assignment.[DisplayName <String>]: The display or friendly name of the role Assignment.[ResourceScopes <String-[]>]: List of ids of role scope member security groups. These are IDs from Azure Active Directory.[RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource. The role definition is the foundation of role based access in Intune. The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource. There are two types of roles, built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[Description <String>]: Description of the Role definition.[DisplayName <String>]: Display Name of the Role definition.[IsBuiltIn <Boolean?>]: Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition.[IsBuiltInRoleDefinition <Boolean?>]: Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition.[Permissions <IMicrosoftGraphRolePermission-[]>]: List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission.[Actions <String-[]>]: Allowed Actions - Deprecated[ResourceActions <IMicrosoftGraphResourceAction-[]>]: Resource Actions each containing a set of allowed and not allowed permissions.[AllowedResourceActions <String-[]>]: Allowed Actions[NotAllowedResourceActions <String-[]>]: Not Allowed Actions.
[RoleAssignments <IMicrosoftGraphRoleAssignment-[]>]: List of Role assignments for this role definition.[Id <String>]: The unique identifier for an entity. Read-only.[Description <String>]: Description of the Role Assignment.[DisplayName <String>]: The display or friendly name of the role Assignment.[ResourceScopes <String-[]>]: List of ids of role scope member security groups. These are IDs from Azure Active Directory.[RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource. The role definition is the foundation of role based access in Intune. The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource. There are two types of roles, built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.[ScopeMembers <String-[]>]: List of ids of role scope member security groups. These are IDs from Azure Active Directory.[ScopeType <RoleAssignmentScopeType?>]: Specifies the type of scope for a Role Assignment.
[RolePermissions <IMicrosoftGraphRolePermission-[]>]: List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission.[RoleScopeTagIds <String-[]>]: List of Scope Tags for this Entity instance.
[ScopeMembers <String-[]>]: List of ids of role scope member security groups. These are IDs from Azure Active Directory.[ScopeType <RoleAssignmentScopeType?>]: Specifies the type of scope for a Role Assignment.[Id <String>]: The unique identifier for an entity. Read-only.[Members <String-[]>]: The list of ids of role member security groups. These are IDs from Azure Active Directory.[RoleScopeTags <IMicrosoftGraphRoleScopeTag-[]>]: The set of Role Scope Tags defined on the Role Assignment.[Id <String>]: The unique identifier for an entity. Read-only.[Assignments <IMicrosoftGraphRoleScopeTagAutoAssignment-[]>]: The list of assignments for this Role Scope Tag.[Id <String>]: The unique identifier for an entity. Read-only.[Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets.[(Any) <Object>]: This indicates any property can be added to this object.[DeviceAndAppManagementAssignmentFilterId <String>]: The Id of the filter for the target assignment.[DeviceAndAppManagementAssignmentFilterType <DeviceAndAppManagementAssignmentFilterType?>]: Represents type of the assignment filter.
[Description <String>]: Description of the Role Scope Tag.[DisplayName <String>]: The display or friendly name of the Role Scope Tag.
INPUTOBJECT <IDeviceManagementAdministrationIdentity>: Identity Parameter
[AuditEventId <String>]: The unique identifier of auditEvent[CartToClassAssociationId <String>]: The unique identifier of cartToClassAssociation[CloudPcAuditEventId <String>]: The unique identifier of cloudPcAuditEvent[CloudPcBulkActionId <String>]: The unique identifier of cloudPcBulkAction[CloudPcDeviceImageId <String>]: The unique identifier of cloudPcDeviceImage[CloudPcExportJobId <String>]: The unique identifier of cloudPcExportJob[CloudPcExternalPartnerSettingId <String>]: The unique identifier of cloudPcExternalPartnerSetting[CloudPcFrontLineServicePlanId <String>]: The unique identifier of cloudPcFrontLineServicePlan[CloudPcGalleryImageId <String>]: The unique identifier of cloudPcGalleryImage[CloudPcId <String>]: The unique identifier of cloudPC[CloudPcOnPremisesConnectionId <String>]: The unique identifier of cloudPcOnPremisesConnection[CloudPcProvisioningPolicyAssignmentId <String>]: The unique identifier of cloudPcProvisioningPolicyAssignment[CloudPcProvisioningPolicyId <String>]: The unique identifier of cloudPcProvisioningPolicy[CloudPcServicePlanId <String>]: The unique identifier of cloudPcServicePlan[CloudPcSharedUseServicePlanId <String>]: The unique identifier of cloudPcSharedUseServicePlan[CloudPcSnapshotId <String>]: The unique identifier of cloudPcSnapshot[CloudPcSupportedRegionId <String>]: The unique identifier of cloudPcSupportedRegion[CloudPcUserSettingAssignmentId <String>]: The unique identifier of cloudPcUserSettingAssignment[CloudPcUserSettingId <String>]: The unique identifier of cloudPcUserSetting[ComanagementEligibleDeviceId <String>]: The unique identifier of comanagementEligibleDevice[ComplianceManagementPartnerId <String>]: The unique identifier of complianceManagementPartner[DeviceAndAppManagementRoleAssignmentId <String>]: The unique identifier of deviceAndAppManagementRoleAssignment[DeviceManagementDomainJoinConnectorId <String>]: The unique identifier of deviceManagementDomainJoinConnector[DeviceManagementExchangeConnectorId <String>]: The unique identifier of deviceManagementExchangeConnector[DeviceManagementExchangeOnPremisesPolicyId <String>]: The unique identifier of deviceManagementExchangeOnPremisesPolicy[DeviceManagementPartnerId <String>]: The unique identifier of deviceManagementPartner[GroupPolicyCategoryId <String>]: The unique identifier of groupPolicyCategory[GroupPolicyCategoryId1 <String>]: The unique identifier of groupPolicyCategory[GroupPolicyDefinitionFileId <String>]: The unique identifier of groupPolicyDefinitionFile[GroupPolicyDefinitionId <String>]: The unique identifier of groupPolicyDefinition[GroupPolicyMigrationReportId <String>]: The unique identifier of groupPolicyMigrationReport[GroupPolicyObjectFileId <String>]: The unique identifier of groupPolicyObjectFile[GroupPolicyOperationId <String>]: The unique identifier of groupPolicyOperation[GroupPolicyPresentationId <String>]: The unique identifier of groupPolicyPresentation[GroupPolicySettingMappingId <String>]: The unique identifier of groupPolicySettingMapping[GroupPolicyUploadedDefinitionFileId <String>]: The unique identifier of groupPolicyUploadedDefinitionFile[IntuneBrandingProfileAssignmentId <String>]: The unique identifier of intuneBrandingProfileAssignment[IntuneBrandingProfileId <String>]: The unique identifier of intuneBrandingProfile[IosUpdateDeviceStatusId <String>]: The unique identifier of iosUpdateDeviceStatus[ManagedAllDeviceCertificateStateId <String>]: The unique identifier of managedAllDeviceCertificateState[MobileThreatDefenseConnectorId <String>]: The unique identifier of mobileThreatDefenseConnector[NdesConnectorId <String>]: The unique identifier of ndesConnector[RemoteAssistancePartnerId <String>]: The unique identifier of remoteAssistancePartner[ResourceOperationId <String>]: The unique identifier of resourceOperation[RestrictedAppsViolationId <String>]: The unique identifier of restrictedAppsViolation[RoleAssignmentId <String>]: The unique identifier of roleAssignment[RoleDefinitionId <String>]: The unique identifier of roleDefinition[RoleScopeTagAutoAssignmentId <String>]: The unique identifier of roleScopeTagAutoAssignment[RoleScopeTagId <String>]: The unique identifier of roleScopeTag[TelecomExpenseManagementPartnerId <String>]: The unique identifier of telecomExpenseManagementPartner[TermsAndConditionsAcceptanceStatusId <String>]: The unique identifier of termsAndConditionsAcceptanceStatus[TermsAndConditionsAssignmentId <String>]: The unique identifier of termsAndConditionsAssignment[TermsAndConditionsGroupAssignmentId <String>]: The unique identifier of termsAndConditionsGroupAssignment[TermsAndConditionsId <String>]: The unique identifier of termsAndConditions[UnsupportedGroupPolicyExtensionId <String>]: The unique identifier of unsupportedGroupPolicyExtension[UserId <String>]: The unique identifier of user[UserPfxCertificateId <String>]: The unique identifier of userPFXCertificate
ROLEDEFINITION <IMicrosoftGraphRoleDefinition>: The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[Description <String>]: Description of the Role definition.[DisplayName <String>]: Display Name of the Role definition.[IsBuiltIn <Boolean?>]: Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition.[IsBuiltInRoleDefinition <Boolean?>]: Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition.[Permissions <IMicrosoftGraphRolePermission-[]>]: List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission.[Actions <String-[]>]: Allowed Actions - Deprecated[ResourceActions <IMicrosoftGraphResourceAction-[]>]: Resource Actions each containing a set of allowed and not allowed permissions.[AllowedResourceActions <String-[]>]: Allowed Actions[NotAllowedResourceActions <String-[]>]: Not Allowed Actions.
[RoleAssignments <IMicrosoftGraphRoleAssignment-[]>]: List of Role assignments for this role definition.[Id <String>]: The unique identifier for an entity. Read-only.[Description <String>]: Description of the Role Assignment.[DisplayName <String>]: The display or friendly name of the role Assignment.[ResourceScopes <String-[]>]: List of ids of role scope member security groups. These are IDs from Azure Active Directory.[RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource. The role definition is the foundation of role based access in Intune. The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource. There are two types of roles, built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.[ScopeMembers <String-[]>]: List of ids of role scope member security groups. These are IDs from Azure Active Directory.[ScopeType <RoleAssignmentScopeType?>]: Specifies the type of scope for a Role Assignment.
[RolePermissions <IMicrosoftGraphRolePermission-[]>]: List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission.[RoleScopeTagIds <String-[]>]: List of Scope Tags for this Entity instance.
ROLESCOPETAGS <IMicrosoftGraphRoleScopeTag- []>: The set of Role Scope Tags defined on the Role Assignment.
[Id <String>]: The unique identifier for an entity. Read-only.[Assignments <IMicrosoftGraphRoleScopeTagAutoAssignment-[]>]: The list of assignments for this Role Scope Tag.[Id <String>]: The unique identifier for an entity. Read-only.[Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets.[(Any) <Object>]: This indicates any property can be added to this object.[DeviceAndAppManagementAssignmentFilterId <String>]: The Id of the filter for the target assignment.[DeviceAndAppManagementAssignmentFilterType <DeviceAndAppManagementAssignmentFilterType?>]: Represents type of the assignment filter.
[Description <String>]: Description of the Role Scope Tag.[DisplayName <String>]: The display or friendly name of the Role Scope Tag.